@page "/app/{AppId}/settings/authenticators"
@using Passwordless.AdminConsole.Services.PasswordlessManagement
@using Passwordless.Common.Models.MDS
@using Passwordless.Common.Models.Authenticators

@inject NavigationManager NavigationManager
@inject ICurrentContext CurrentContext
@inject IPasswordlessManagementClient ManagementClient
@inject IScopedPasswordlessClient Client

@inherits BaseApplicationPage

@if (_isInitialized)
{
    <Page Title="Authenticators" BreadCrumbItems="_breadCrumbs">
        <Panel Header="Allowlist">
            <p><strong>All authenticators are allowed by default.</strong> If you wish, you can control what authenticators are allowed.</p>
            <EditForm Model="ManageAllowlistForm" FormName="allowlist-form" OnSubmit="OnAllowlistFormSubmitted">
                <button class="btn-primary" name="ManageAllowlistForm.Action" type="submit" value="manage">Choose allowed authenticators</button>
            </EditForm>
            @if (Allowlist.Any())
            {
                <div id="allowlist" class="grid grid-cols-1 lg:grid-cols-2 2xl:grid-cols-3 gap-4">
                    @foreach (var authenticator in Allowlist)
                    {
                        <Card Title="@authenticator.Name" SubTitle="@authenticator.AaGuid.ToString()" />
                    }
                </div>
            }
        </Panel>
    </Page>
}

@code {
    private bool _isInitialized;

    public IReadOnlyCollection<ConfiguredAuthenticatorViewModel> Allowlist { get; private set; } = new List<ConfiguredAuthenticatorViewModel>(0);

    [SupplyParameterFromForm] public ManageAllowlistViewModel ManageAllowlistForm { get; private set; } = new();

    private IReadOnlyCollection<BreadCrumb.BreadCrumbItem>? _breadCrumbs;
    
    protected override async Task OnInitializedAsync()
    {
        _breadCrumbs = new List<BreadCrumb.BreadCrumbItem>
        {
            new("Settings", $"app/{AppId}/settings"),
            new("Authenticators", $"app/{AppId}/settings/authenticators")
        };
        
        if (!CurrentContext.Features.AllowAttestation)
        {
            NavigationManager.NavigateTo($"app/{AppId}/settings");
            return;
        }

        var mds = await ManagementClient.GetMetaDataStatementEntriesAsync(new EntriesRequest());
        var allowlistRequest = new ConfiguredAuthenticatorRequest(true);
        var allowlist = await Client.GetConfiguredAuthenticatorsAsync(allowlistRequest);
        Allowlist = allowlist
            .Select(x => new ConfiguredAuthenticatorViewModel(
                x.AaGuid,
                mds.FirstOrDefault(m => m.AaGuid == x.AaGuid)?.Name ?? "Authenticator"))
            .OrderBy(x => x.Name)
            .ToList();
        _isInitialized = true;
    }

    public record ConfiguredAuthenticatorViewModel(Guid AaGuid, string Name);

    private void OnAllowlistFormSubmitted()
    {
        switch (ManageAllowlistForm.Action)
        {
            case "manage":
                NavigationManager.NavigateTo($"app/{AppId}/settings/authenticators/manage");
                break;
        }
    }

    public class ManageAllowlistViewModel
    {
        public string? Action { get; set; }
    }
}